Skills
skills/davidsgoncalves/goal-driven-development/code-like-me/Gen Agent Trust Hub

code-like-me

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted data from external sources, which constitutes an indirect prompt injection surface.
  • Ingestion points: The skill fetches data from Jira issues via searchJiraIssuesUsingJql and Figma designs via get_design_context as specified in SKILL.md.
  • Boundary markers: No explicit boundary markers or warnings to ignore instructions within external data are defined.
  • Capability inventory: The skill has access to Bash, Write, Edit, and Agent tools, enabling it to modify the file system and execute shell commands.
  • Sanitization: There is no mention of sanitizing external data before it influences the agent's plan or code output.
  • Mitigation: The skill requires the agent to present a plan and obtain explicit user approval before implementation, which is a key security control.
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute development commands such as linting and type checking (tsc --noEmit). While standard for development, these commands are dynamically determined by the project environment.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 14, 2026, 05:04 PM